Analysis

  • max time kernel
    14s
  • max time network
    158s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android
    arch:x64
    arch:x86
    image:android-x64-20240624-en
    locale:en-us
    os:android-10-x64
    system
  • submitted
    21/12/2024, 22:16 UTC

General

  • Target

    f728bf37251a5f3f5f0602ffc32183416241a656d8237e44888bdd4a18491d97.apk

  • Size

    2.5MB

  • MD5

    b3a3072269912846dc82effafb3a0bab

  • SHA1

    db3bec63f07d1d13d6f4b89457696f5df397985b

  • SHA256

    f728bf37251a5f3f5f0602ffc32183416241a656d8237e44888bdd4a18491d97

  • SHA512

    b70f315deef07b7490a39750b6fca9b9707aa141b36a1b21e0dd9e3161a87635989faf7be80ce9e2b616d53ed249e359e142b8547aa40c84ff71c6fcf0c2ec52

  • SSDEEP

    49152:aJGhmrg0SwM0sLEU3OVPXxh34XMXdfqeMqAfSyaOHfmYsYHuC+1H:aJG2MPgrVPhh2ed58fSyFHfIYOr5

Malware Config

Signatures

Processes

  • com.nfcqharwe.xabkgkkfa
    1⤵
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4946

Network

  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    216.58.212.232
  • flag-us
    GET
    http://154.216.20.102/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.102:80
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: application/octet-stream
    Date: Sat, 21 Dec 2024 22:16:24 GMT
    Content-Length: 87
  • flag-us
    GET
    http://154.216.20.102/socket.io/?EIO=3&transport=polling&sid=201d5
    Remote address:
    154.216.20.102:80
    Request
    GET /socket.io/?EIO=3&transport=polling&sid=201d5 HTTP/1.1
    Accept: */*
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: application/octet-stream
    Date: Sat, 21 Dec 2024 22:16:24 GMT
    Content-Length: 5
  • flag-us
    POST
    http://154.216.20.102/socket.io/?EIO=3&transport=polling&sid=201d5
    Remote address:
    154.216.20.102:80
    Request
    POST /socket.io/?EIO=3&transport=polling&sid=201d5 HTTP/1.1
    Accept: */*
    Content-Type: text/plain;charset=UTF-8
    Content-Length: 64
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Date: Sat, 21 Dec 2024 22:16:24 GMT
    Content-Length: 2
    Content-Type: text/plain; charset=utf-8
  • flag-us
    GET
    http://154.216.20.102/socket.io/?EIO=3&transport=websocket&sid=201d5
    Remote address:
    154.216.20.102:80
    Request
    GET /socket.io/?EIO=3&transport=websocket&sid=201d5 HTTP/1.1
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Key: WQoV6mss2d0MAgSDHQSbaw==
    Sec-WebSocket-Version: 13
    Host: 154.216.20.102
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 101 Switching Protocols
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Accept: v7Gb2S/d0lCV9zhS9HbmzjgAatQ=
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Origin: https://localhost:45051//
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
  • flag-us
    GET
    http://154.216.20.102/socket.io/?EIO=3&transport=polling&sid=201d5
    Remote address:
    154.216.20.102:80
    Request
    GET /socket.io/?EIO=3&transport=polling&sid=201d5 HTTP/1.1
    Accept: */*
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: application/octet-stream
    Date: Sat, 21 Dec 2024 22:16:24 GMT
    Content-Length: 4
  • flag-us
    POST
    http://154.216.20.102/php/thvvv.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/thvvv.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 973
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:16:25 GMT
    Content-Length: 24
  • flag-us
    DNS
    accounts.google.com
    Remote address:
    1.1.1.1:53
    Request
    accounts.google.com
    IN A
    Response
    accounts.google.com
    IN A
    74.125.206.84
  • flag-us
    DNS
    accounts.google.com
    Remote address:
    1.1.1.1:53
    Request
    accounts.google.com
    IN A
    Response
    accounts.google.com
    IN A
    64.233.184.84
  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
    semanticlocation-pa.googleapis.com
    IN A
    216.58.201.106
    semanticlocation-pa.googleapis.com
    IN A
    142.250.178.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.10
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.10
    semanticlocation-pa.googleapis.com
    IN A
    216.58.212.234
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.202
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.234
    semanticlocation-pa.googleapis.com
    IN A
    216.58.204.74
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.74
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.42
    semanticlocation-pa.googleapis.com
    IN A
    172.217.16.234
    semanticlocation-pa.googleapis.com
    IN A
    216.58.213.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.180.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.179.234
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.42
  • flag-us
    DNS
    www.google.com
    Remote address:
    1.1.1.1:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    216.58.204.68
  • flag-us
    DNS
    g.tenor.com
    Remote address:
    1.1.1.1:53
    Request
    g.tenor.com
    IN A
    Response
    g.tenor.com
    IN CNAME
    tenor.googleapis.com
    tenor.googleapis.com
    IN A
    142.250.187.234
    tenor.googleapis.com
    IN A
    142.250.180.10
    tenor.googleapis.com
    IN A
    142.250.178.10
    tenor.googleapis.com
    IN A
    142.250.200.42
    tenor.googleapis.com
    IN A
    142.250.200.10
    tenor.googleapis.com
    IN A
    216.58.201.106
    tenor.googleapis.com
    IN A
    216.58.204.74
    tenor.googleapis.com
    IN A
    216.58.213.10
    tenor.googleapis.com
    IN A
    216.58.212.202
    tenor.googleapis.com
    IN A
    142.250.187.202
    tenor.googleapis.com
    IN A
    172.217.169.42
    tenor.googleapis.com
    IN A
    172.217.169.74
    tenor.googleapis.com
    IN A
    142.250.179.234
    tenor.googleapis.com
    IN A
    172.217.16.234
    tenor.googleapis.com
    IN A
    216.58.212.234
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.180.14
  • flag-us
    GET
    http://154.216.20.102/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.102:80
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: application/octet-stream
    Date: Sat, 21 Dec 2024 22:17:26 GMT
    Content-Length: 87
  • flag-us
    GET
    http://154.216.20.102/socket.io/?EIO=3&transport=polling&sid=2055a
    Remote address:
    154.216.20.102:80
    Request
    GET /socket.io/?EIO=3&transport=polling&sid=2055a HTTP/1.1
    Accept: */*
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: application/octet-stream
    Date: Sat, 21 Dec 2024 22:17:26 GMT
    Content-Length: 5
  • flag-us
    POST
    http://154.216.20.102/socket.io/?EIO=3&transport=polling&sid=2055a
    Remote address:
    154.216.20.102:80
    Request
    POST /socket.io/?EIO=3&transport=polling&sid=2055a HTTP/1.1
    Accept: */*
    Content-Type: text/plain;charset=UTF-8
    Content-Length: 64
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Date: Sat, 21 Dec 2024 22:17:26 GMT
    Content-Length: 2
    Content-Type: text/plain; charset=utf-8
  • flag-us
    POST
    http://154.216.20.102/php/7tbbsy6f.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/7tbbsy6f.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 758
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:17:26 GMT
    Content-Length: 24
  • flag-us
    POST
    http://154.216.20.102/php/h3nanrh6a6j1.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/h3nanrh6a6j1.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 758
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:17:26 GMT
    Content-Length: 24
  • flag-us
    POST
    http://154.216.20.102/php/eipm3u0z6v8k9r3cua.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/eipm3u0z6v8k9r3cua.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 908
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:17:26 GMT
    Content-Length: 108
  • flag-us
    POST
    http://154.216.20.102/php/3.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/3.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 154
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:17:27 GMT
    Transfer-Encoding: chunked
  • flag-us
    POST
    http://154.216.20.102/php/u2b61zt340vi3i8.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/u2b61zt340vi3i8.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 325
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:17:31 GMT
    Content-Length: 24
  • flag-us
    GET
    http://154.216.20.102/socket.io/?EIO=3&transport=websocket&sid=2055a
    Remote address:
    154.216.20.102:80
    Request
    GET /socket.io/?EIO=3&transport=websocket&sid=2055a HTTP/1.1
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Key: czcMP/46quuluZMxPhW8Tg==
    Sec-WebSocket-Version: 13
    Host: 154.216.20.102
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 101 Switching Protocols
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Accept: h6mc02fXWONrv0iISQyZNGMfek0=
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Origin: https://localhost:45051//
    Access-Control-Allow-Credentials: true
  • flag-us
    GET
    http://154.216.20.102/socket.io/?EIO=3&transport=polling&sid=2055a
    Remote address:
    154.216.20.102:80
    Request
    GET /socket.io/?EIO=3&transport=polling&sid=2055a HTTP/1.1
    Accept: */*
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: application/octet-stream
    Date: Sat, 21 Dec 2024 22:17:26 GMT
    Content-Length: 4
  • flag-us
    POST
    http://154.216.20.102/php/otdvyyy8pmcx25e.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/otdvyyy8pmcx25e.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 175
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:17:31 GMT
    Content-Length: 24
  • flag-us
    DNS
    mdh-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    mdh-pa.googleapis.com
    IN A
    Response
    mdh-pa.googleapis.com
    IN A
    142.250.200.10
    mdh-pa.googleapis.com
    IN A
    142.250.200.42
    mdh-pa.googleapis.com
    IN A
    142.250.179.234
    mdh-pa.googleapis.com
    IN A
    142.250.178.10
    mdh-pa.googleapis.com
    IN A
    172.217.16.234
    mdh-pa.googleapis.com
    IN A
    216.58.201.106
    mdh-pa.googleapis.com
    IN A
    172.217.169.42
    mdh-pa.googleapis.com
    IN A
    216.58.212.234
    mdh-pa.googleapis.com
    IN A
    142.250.180.10
    mdh-pa.googleapis.com
    IN A
    216.58.212.202
    mdh-pa.googleapis.com
    IN A
    172.217.169.74
    mdh-pa.googleapis.com
    IN A
    142.250.187.202
    mdh-pa.googleapis.com
    IN A
    142.250.187.234
    mdh-pa.googleapis.com
    IN A
    216.58.213.10
    mdh-pa.googleapis.com
    IN A
    216.58.204.74
  • flag-us
    DNS
    safebrowsing.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    safebrowsing.googleapis.com
    IN A
    Response
    safebrowsing.googleapis.com
    IN A
    142.250.187.202
  • flag-us
    DNS
    www.youtube.com
    Remote address:
    1.1.1.1:53
    Request
    www.youtube.com
    IN A
    Response
    www.youtube.com
    IN CNAME
    youtube-ui.l.google.com
    youtube-ui.l.google.com
    IN A
    142.250.200.14
    youtube-ui.l.google.com
    IN A
    142.250.187.238
    youtube-ui.l.google.com
    IN A
    216.58.204.78
    youtube-ui.l.google.com
    IN A
    142.250.187.206
    youtube-ui.l.google.com
    IN A
    216.58.201.110
    youtube-ui.l.google.com
    IN A
    142.250.178.14
    youtube-ui.l.google.com
    IN A
    142.250.200.46
    youtube-ui.l.google.com
    IN A
    172.217.16.238
    youtube-ui.l.google.com
    IN A
    142.250.180.14
    youtube-ui.l.google.com
    IN A
    172.217.169.78
    youtube-ui.l.google.com
    IN A
    172.217.169.14
    youtube-ui.l.google.com
    IN A
    216.58.212.238
    youtube-ui.l.google.com
    IN A
    142.250.179.238
    youtube-ui.l.google.com
    IN A
    172.217.169.46
  • flag-us
    DNS
    growth-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    growth-pa.googleapis.com
    IN A
    Response
    growth-pa.googleapis.com
    IN A
    142.250.178.10
    growth-pa.googleapis.com
    IN A
    216.58.212.234
    growth-pa.googleapis.com
    IN A
    172.217.169.74
    growth-pa.googleapis.com
    IN A
    142.250.200.42
    growth-pa.googleapis.com
    IN A
    142.250.187.202
    growth-pa.googleapis.com
    IN A
    142.250.180.10
    growth-pa.googleapis.com
    IN A
    142.250.200.10
    growth-pa.googleapis.com
    IN A
    142.250.187.234
    growth-pa.googleapis.com
    IN A
    172.217.16.234
    growth-pa.googleapis.com
    IN A
    216.58.201.106
    growth-pa.googleapis.com
    IN A
    142.250.179.234
    growth-pa.googleapis.com
    IN A
    216.58.212.202
    growth-pa.googleapis.com
    IN A
    216.58.204.74
  • flag-us
    DNS
    www.google.com
    Remote address:
    1.1.1.1:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.178.4
  • flag-us
    POST
    http://154.216.20.102/php/u1sc7cn.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/u1sc7cn.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 175
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:18:01 GMT
    Content-Length: 24
  • flag-us
    POST
    http://154.216.20.102/php/7ot3iiartc1.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/7ot3iiartc1.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 738
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:18:01 GMT
    Content-Length: 24
  • flag-us
    POST
    http://154.216.20.102/php/605cpdrc.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/605cpdrc.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:18:09 GMT
    Content-Length: 236
  • flag-us
    POST
    http://154.216.20.102/php/qkgfn38gvve.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/qkgfn38gvve.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 175
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:18:12 GMT
    Content-Length: 24
  • flag-us
    POST
    http://154.216.20.102/php/ext7rya37ef5ba6bi.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/ext7rya37ef5ba6bi.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 195
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:18:14 GMT
    Content-Length: 24
  • flag-us
    POST
    http://154.216.20.102/php/disk.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/disk.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 195
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:18:14 GMT
    Content-Length: 24
  • flag-us
    POST
    http://154.216.20.102/php/vxpvv16l2.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/vxpvv16l2.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:18:15 GMT
    Content-Length: 88
  • flag-us
    POST
    http://154.216.20.102/php/att6z8.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/att6z8.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 195
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:18:15 GMT
    Content-Length: 24
  • flag-us
    POST
    http://154.216.20.102/php/utp9gvsbbzswrez0bs7.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/utp9gvsbbzswrez0bs7.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:18:21 GMT
    Content-Length: 88
  • flag-us
    POST
    http://154.216.20.102/php/64v4dc7hr5la5x.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/64v4dc7hr5la5x.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:18:27 GMT
    Content-Length: 88
  • flag-us
    POST
    http://154.216.20.102/php/wz1qok4issarfca0het.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/wz1qok4issarfca0het.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:18:33 GMT
    Content-Length: 88
  • flag-us
    POST
    http://154.216.20.102/php/0gr0zstc.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/0gr0zstc.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:18:39 GMT
    Content-Length: 88
  • flag-us
    POST
    http://154.216.20.102/php/7y4dz4gq.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/7y4dz4gq.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:18:45 GMT
    Content-Length: 88
  • flag-us
    GET
    http://154.216.20.102/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.102:80
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: application/octet-stream
    Date: Sat, 21 Dec 2024 22:18:01 GMT
    Content-Length: 87
  • flag-us
    GET
    http://154.216.20.102/socket.io/?EIO=3&transport=polling&sid=207a2
    Remote address:
    154.216.20.102:80
    Request
    GET /socket.io/?EIO=3&transport=polling&sid=207a2 HTTP/1.1
    Accept: */*
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: application/octet-stream
    Date: Sat, 21 Dec 2024 22:18:01 GMT
    Content-Length: 5
  • flag-us
    POST
    http://154.216.20.102/socket.io/?EIO=3&transport=polling&sid=207a2
    Remote address:
    154.216.20.102:80
    Request
    POST /socket.io/?EIO=3&transport=polling&sid=207a2 HTTP/1.1
    Accept: */*
    Content-Type: text/plain;charset=UTF-8
    Content-Length: 64
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Date: Sat, 21 Dec 2024 22:18:01 GMT
    Content-Length: 2
    Content-Type: text/plain; charset=utf-8
  • flag-us
    POST
    http://154.216.20.102/php/lzajhmvoml779.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/lzajhmvoml779.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 738
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:18:01 GMT
    Content-Length: 24
  • flag-us
    POST
    http://154.216.20.102/php/uo4daufn.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/uo4daufn.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 738
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:18:09 GMT
    Content-Length: 24
  • flag-us
    POST
    http://154.216.20.102/php/u1mmccn4yo6j4.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/u1mmccn4yo6j4.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 738
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:18:15 GMT
    Content-Length: 24
  • flag-us
    POST
    http://154.216.20.102/php/sg7iq9fdn.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/sg7iq9fdn.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 738
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:18:21 GMT
    Content-Length: 24
  • flag-us
    POST
    http://154.216.20.102/php/5phpgjy7is.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/5phpgjy7is.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 738
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:18:27 GMT
    Content-Length: 24
  • flag-us
    POST
    http://154.216.20.102/php/wql1lpjqg9.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/wql1lpjqg9.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 738
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:18:33 GMT
    Content-Length: 24
  • flag-us
    POST
    http://154.216.20.102/php/thm3l4e46no2qr4.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/thm3l4e46no2qr4.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 738
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:18:39 GMT
    Content-Length: 24
  • flag-us
    POST
    http://154.216.20.102/php/aikc7.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/aikc7.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 738
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:18:45 GMT
    Content-Length: 24
  • flag-us
    POST
    http://154.216.20.102/php/vdtjsr5co.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/vdtjsr5co.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 349
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:18:01 GMT
    Content-Length: 24
  • flag-us
    POST
    http://154.216.20.102/php/2eir7.php/
    Remote address:
    154.216.20.102:80
    Request
    POST /php/2eir7.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 195
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 21 Dec 2024 22:18:15 GMT
    Content-Length: 24
  • flag-us
    GET
    http://154.216.20.102/socket.io/?EIO=3&transport=websocket&sid=207a2
    Remote address:
    154.216.20.102:80
    Request
    GET /socket.io/?EIO=3&transport=websocket&sid=207a2 HTTP/1.1
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Key: TCOhj2H7KGCzWvbntqbKMA==
    Sec-WebSocket-Version: 13
    Host: 154.216.20.102
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 101 Switching Protocols
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Accept: 4RWC8DAetdiIMbsv+VvV9YSwO10=
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Origin: https://localhost:45051//
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
  • flag-us
    GET
    http://154.216.20.102/socket.io/?EIO=3&transport=polling&sid=207a2
    Remote address:
    154.216.20.102:80
    Request
    GET /socket.io/?EIO=3&transport=polling&sid=207a2 HTTP/1.1
    Accept: */*
    Host: 154.216.20.102
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: https://localhost:45051//
    Content-Type: application/octet-stream
    Date: Sat, 21 Dec 2024 22:18:01 GMT
    Content-Length: 4
  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.234
    semanticlocation-pa.googleapis.com
    IN A
    142.250.180.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.42
    semanticlocation-pa.googleapis.com
    IN A
    142.250.178.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.179.234
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.10
    semanticlocation-pa.googleapis.com
    IN A
    216.58.201.106
    semanticlocation-pa.googleapis.com
    IN A
    216.58.204.74
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.74
    semanticlocation-pa.googleapis.com
    IN A
    216.58.213.10
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.42
    semanticlocation-pa.googleapis.com
    IN A
    172.217.16.234
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.202
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    172.217.169.78
  • flag-us
    DNS
    i.ytimg.com
    Remote address:
    1.1.1.1:53
    Request
    i.ytimg.com
    IN A
    Response
    i.ytimg.com
    IN A
    142.250.187.246
    i.ytimg.com
    IN A
    142.250.200.54
    i.ytimg.com
    IN A
    216.58.201.118
    i.ytimg.com
    IN A
    172.217.169.54
    i.ytimg.com
    IN A
    172.217.169.86
    i.ytimg.com
    IN A
    172.217.169.22
    i.ytimg.com
    IN A
    142.250.200.22
    i.ytimg.com
    IN A
    142.250.187.214
    i.ytimg.com
    IN A
    216.58.213.22
    i.ytimg.com
    IN A
    142.250.179.246
    i.ytimg.com
    IN A
    216.58.212.246
    i.ytimg.com
    IN A
    142.250.178.22
    i.ytimg.com
    IN A
    142.250.180.22
    i.ytimg.com
    IN A
    172.217.16.246
    i.ytimg.com
    IN A
    216.58.204.86
  • flag-us
    DNS
    www.google.com
    Remote address:
    1.1.1.1:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    172.217.169.4
  • 216.58.212.232:443
    ssl.google-analytics.com
    tls
    1.4kB
    6.3kB
    10
    9
  • 154.216.20.102:80
    http://154.216.20.102/socket.io/?EIO=3&transport=polling&sid=201d5
    http
    1.2kB
    1.9kB
    10
    8

    HTTP Request

    GET http://154.216.20.102/socket.io/?EIO=3&transport=polling

    HTTP Response

    200

    HTTP Request

    GET http://154.216.20.102/socket.io/?EIO=3&transport=polling&sid=201d5

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/socket.io/?EIO=3&transport=polling&sid=201d5

    HTTP Response

    200
  • 154.216.20.102:80
    http://154.216.20.102/socket.io/?EIO=3&transport=websocket&sid=201d5
    http
    795 B
    930 B
    10
    8

    HTTP Request

    GET http://154.216.20.102/socket.io/?EIO=3&transport=websocket&sid=201d5

    HTTP Response

    101
  • 154.216.20.102:80
    http://154.216.20.102/socket.io/?EIO=3&transport=polling&sid=201d5
    http
    490 B
    685 B
    6
    4

    HTTP Request

    GET http://154.216.20.102/socket.io/?EIO=3&transport=polling&sid=201d5

    HTTP Response

    200
  • 154.216.20.102:80
    http://154.216.20.102/php/thvvv.php/
    http
    1.6kB
    707 B
    6
    4

    HTTP Request

    POST http://154.216.20.102/php/thvvv.php/

    HTTP Response

    200
  • 172.217.16.238:443
    520 B
    10
  • 142.250.179.226:443
    520 B
    10
  • 142.250.187.206:443
    520 B
    10
  • 173.194.76.188:5228
    468 B
    9
  • 216.239.36.223:443
    520 B
    10
  • 216.239.36.223:443
    520 B
    10
  • 142.250.180.4:443
    520 B
    10
  • 64.233.184.84:443
    accounts.google.com
    tls
    2.0kB
    7.4kB
    18
    16
  • 216.58.201.106:443
    semanticlocation-pa.googleapis.com
    tls
    1.9kB
    6.0kB
    15
    12
  • 216.58.204.68:443
    www.google.com
    tls
    16.8kB
    15.0kB
    57
    72
  • 216.58.204.68:443
    www.google.com
    tls
    1.1kB
    5.1kB
    10
    8
  • 142.250.187.234:443
    g.tenor.com
    tls
    1.8kB
    8.1kB
    14
    15
  • 142.250.180.14:443
    android.apis.google.com
    tls
    5.7kB
    9.9kB
    18
    28
  • 154.216.20.102:80
    http://154.216.20.102/socket.io/?EIO=3&transport=polling&sid=2055a
    http
    1.2kB
    2.0kB
    10
    9

    HTTP Request

    GET http://154.216.20.102/socket.io/?EIO=3&transport=polling

    HTTP Response

    200

    HTTP Request

    GET http://154.216.20.102/socket.io/?EIO=3&transport=polling&sid=2055a

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/socket.io/?EIO=3&transport=polling&sid=2055a

    HTTP Response

    200
  • 154.216.20.102:80
    http://154.216.20.102/php/u2b61zt340vi3i8.php/
    http
    20.3kB
    683.6kB
    275
    469

    HTTP Request

    POST http://154.216.20.102/php/7tbbsy6f.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/php/h3nanrh6a6j1.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/php/eipm3u0z6v8k9r3cua.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/php/3.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/php/u2b61zt340vi3i8.php/

    HTTP Response

    200
  • 154.216.20.102:80
    http://154.216.20.102/socket.io/?EIO=3&transport=websocket&sid=2055a
    http
    906 B
    1.1kB
    12
    11

    HTTP Request

    GET http://154.216.20.102/socket.io/?EIO=3&transport=websocket&sid=2055a

    HTTP Response

    101
  • 154.216.20.102:80
    http://154.216.20.102/socket.io/?EIO=3&transport=polling&sid=2055a
    http
    542 B
    737 B
    7
    5

    HTTP Request

    GET http://154.216.20.102/socket.io/?EIO=3&transport=polling&sid=2055a

    HTTP Response

    200
  • 154.216.20.102:80
    http://154.216.20.102/php/otdvyyy8pmcx25e.php/
    http
    853 B
    759 B
    7
    5

    HTTP Request

    POST http://154.216.20.102/php/otdvyyy8pmcx25e.php/

    HTTP Response

    200
  • 142.250.200.14:443
    www.youtube.com
    tls
    1.9kB
    8.3kB
    14
    15
  • 142.250.178.10:443
    growth-pa.googleapis.com
    tls
    2.2kB
    5.8kB
    16
    15
  • 142.250.178.4:443
    www.google.com
    tls
    1.4kB
    5.5kB
    11
    12
  • 154.216.20.102:80
    http://154.216.20.102/php/7y4dz4gq.php/
    http
    7.7kB
    7.9kB
    28
    18

    HTTP Request

    POST http://154.216.20.102/php/u1sc7cn.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/php/7ot3iiartc1.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/php/605cpdrc.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/php/qkgfn38gvve.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/php/ext7rya37ef5ba6bi.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/php/disk.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/php/vxpvv16l2.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/php/att6z8.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/php/utp9gvsbbzswrez0bs7.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/php/64v4dc7hr5la5x.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/php/wz1qok4issarfca0het.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/php/0gr0zstc.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/php/7y4dz4gq.php/

    HTTP Response

    200
  • 154.216.20.102:80
    http://154.216.20.102/socket.io/?EIO=3&transport=polling&sid=207a2
    http
    1.1kB
    2.0kB
    9
    9

    HTTP Request

    GET http://154.216.20.102/socket.io/?EIO=3&transport=polling

    HTTP Response

    200

    HTTP Request

    GET http://154.216.20.102/socket.io/?EIO=3&transport=polling&sid=207a2

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/socket.io/?EIO=3&transport=polling&sid=207a2

    HTTP Response

    200
  • 154.216.20.102:80
    http://154.216.20.102/php/aikc7.php/
    http
    9.3kB
    4.6kB
    18
    13

    HTTP Request

    POST http://154.216.20.102/php/lzajhmvoml779.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/php/uo4daufn.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/php/u1mmccn4yo6j4.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/php/sg7iq9fdn.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/php/5phpgjy7is.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/php/wql1lpjqg9.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/php/thm3l4e46no2qr4.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/php/aikc7.php/

    HTTP Response

    200
  • 154.216.20.102:80
    http://154.216.20.102/php/2eir7.php/
    http
    1.6kB
    1.4kB
    8
    7

    HTTP Request

    POST http://154.216.20.102/php/vdtjsr5co.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.102/php/2eir7.php/

    HTTP Response

    200
  • 154.216.20.102:80
    http://154.216.20.102/socket.io/?EIO=3&transport=websocket&sid=207a2
    http
    965 B
    1.1kB
    13
    11

    HTTP Request

    GET http://154.216.20.102/socket.io/?EIO=3&transport=websocket&sid=207a2

    HTTP Response

    101
  • 154.216.20.102:80
    http://154.216.20.102/socket.io/?EIO=3&transport=polling&sid=207a2
    http
    490 B
    737 B
    6
    5

    HTTP Request

    GET http://154.216.20.102/socket.io/?EIO=3&transport=polling&sid=207a2

    HTTP Response

    200
  • 142.250.187.234:443
    semanticlocation-pa.googleapis.com
    tls
    1.7kB
    5.9kB
    11
    11
  • 172.217.169.78:443
    android.apis.google.com
    tls
    5.4kB
    9.1kB
    17
    25
  • 142.250.187.246:443
    i.ytimg.com
    tls
    1.6kB
    5.9kB
    14
    10
  • 172.217.169.4:443
    www.google.com
    tls
    7.7kB
    6.8kB
    22
    24
  • 224.0.0.251:5353
    7.3kB
    24
  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
    86 B
    1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    216.58.212.232

  • 1.1.1.1:53
    accounts.google.com
    dns
    65 B
    81 B
    1
    1

    DNS Request

    accounts.google.com

    DNS Response

    74.125.206.84

  • 1.1.1.1:53
    accounts.google.com
    dns
    65 B
    81 B
    1
    1

    DNS Request

    accounts.google.com

    DNS Response

    64.233.184.84

  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
    320 B
    1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

    DNS Response

    216.58.201.106
    142.250.178.10
    142.250.200.10
    172.217.169.10
    216.58.212.234
    142.250.187.202
    142.250.187.234
    216.58.204.74
    172.217.169.74
    172.217.169.42
    172.217.16.234
    216.58.213.10
    142.250.180.10
    142.250.179.234
    142.250.200.42

  • 1.1.1.1:53
    www.google.com
    dns
    60 B
    76 B
    1
    1

    DNS Request

    www.google.com

    DNS Response

    216.58.204.68

  • 1.1.1.1:53
    g.tenor.com
    dns
    57 B
    328 B
    1
    1

    DNS Request

    g.tenor.com

    DNS Response

    142.250.187.234
    142.250.180.10
    142.250.178.10
    142.250.200.42
    142.250.200.10
    216.58.201.106
    216.58.204.74
    216.58.213.10
    216.58.212.202
    142.250.187.202
    172.217.169.42
    172.217.169.74
    142.250.179.234
    172.217.16.234
    216.58.212.234

  • 216.58.204.68:443
    www.google.com
    https
    1.5kB
    49 B
    2
    1
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.180.14

  • 1.1.1.1:53
    mdh-pa.googleapis.com
    dns
    67 B
    307 B
    1
    1

    DNS Request

    mdh-pa.googleapis.com

    DNS Response

    142.250.200.10
    142.250.200.42
    142.250.179.234
    142.250.178.10
    172.217.16.234
    216.58.201.106
    172.217.169.42
    216.58.212.234
    142.250.180.10
    216.58.212.202
    172.217.169.74
    142.250.187.202
    142.250.187.234
    216.58.213.10
    216.58.204.74

  • 1.1.1.1:53
    safebrowsing.googleapis.com
    dns
    73 B
    89 B
    1
    1

    DNS Request

    safebrowsing.googleapis.com

    DNS Response

    142.250.187.202

  • 1.1.1.1:53
    www.youtube.com
    dns
    61 B
    319 B
    1
    1

    DNS Request

    www.youtube.com

    DNS Response

    142.250.200.14
    142.250.187.238
    216.58.204.78
    142.250.187.206
    216.58.201.110
    142.250.178.14
    142.250.200.46
    172.217.16.238
    142.250.180.14
    172.217.169.78
    172.217.169.14
    216.58.212.238
    142.250.179.238
    172.217.169.46

  • 142.250.200.14:443
    www.youtube.com
    https
    1.5kB
    49 B
    2
    1
  • 1.1.1.1:53
    growth-pa.googleapis.com
    dns
    70 B
    278 B
    1
    1

    DNS Request

    growth-pa.googleapis.com

    DNS Response

    142.250.178.10
    216.58.212.234
    172.217.169.74
    142.250.200.42
    142.250.187.202
    142.250.180.10
    142.250.200.10
    142.250.187.234
    172.217.16.234
    216.58.201.106
    142.250.179.234
    216.58.212.202
    216.58.204.74

  • 1.1.1.1:53
    www.google.com
    dns
    60 B
    76 B
    1
    1

    DNS Request

    www.google.com

    DNS Response

    142.250.178.4

  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
    304 B
    1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

    DNS Response

    142.250.187.234
    142.250.180.10
    142.250.200.42
    142.250.178.10
    142.250.179.234
    172.217.169.10
    216.58.201.106
    216.58.204.74
    172.217.169.74
    216.58.213.10
    172.217.169.42
    172.217.16.234
    142.250.200.10
    142.250.187.202

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    172.217.169.78

  • 1.1.1.1:53
    i.ytimg.com
    dns
    57 B
    297 B
    1
    1

    DNS Request

    i.ytimg.com

    DNS Response

    142.250.187.246
    142.250.200.54
    216.58.201.118
    172.217.169.54
    172.217.169.86
    172.217.169.22
    142.250.200.22
    142.250.187.214
    216.58.213.22
    142.250.179.246
    216.58.212.246
    142.250.178.22
    142.250.180.22
    172.217.16.246
    216.58.204.86

  • 142.250.187.246:443
    i.ytimg.com
    https
    1.5kB
    49 B
    2
    1
  • 1.1.1.1:53
    www.google.com
    dns
    60 B
    76 B
    1
    1

    DNS Request

    www.google.com

    DNS Response

    172.217.169.4

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.nfcqharwe.xabkgkkfa/app_dex/classes.dex

    Filesize

    2.9MB

    MD5

    80e5d436b3843e99b73d32fd05fabe17

    SHA1

    a388f14850064573a5d412b11978a461ded85c3c

    SHA256

    ea108353eadc51b8ec5ff20cee44d82d2772fb2f040431548162931f3639164a

    SHA512

    844cfdee0b41c802c3704d9026d4ed1f878064d6cdfcc7682300d219e4af7d8a08b1bf281afa870c742f1be0d2c85c9c4aecc2c9a61f4f8b86ba1f6476ccd177

  • /data/data/com.nfcqharwe.xabkgkkfa/cache/classes.dex

    Filesize

    1.0MB

    MD5

    d4b361bde77bc30bb7a86a487c0d13ee

    SHA1

    b4a8a774eaa2669bf4161fa7c859e15d36f363dc

    SHA256

    3519ff29f20769c9dc1ba735b84254c3fd4869b024386c4adfeeadd2b28bccc6

    SHA512

    cd989b80c1a4d77268d9c014c96f6eb895dc3d88d8f82420e22d7114ef4431a4bd735bf809085915bc2696ad1878080c1655839a7f77ca6cc5b17ae2918f94c0

  • /data/data/com.nfcqharwe.xabkgkkfa/cache/classes.zip

    Filesize

    1.0MB

    MD5

    e45c66d1e58aad644b49c0e193e07f8a

    SHA1

    36bb431e9406031640e86092169de66178712a58

    SHA256

    729f573130a67a28ea59a1fdd7ee657bdc6cd2128ab8b935288302b110676600

    SHA512

    0c4fc799c261dd57541579c8cbf184b6dfe888b3a163c7c4cac4029d6b2959529de4c84db5674684b46bea8f4b1a93888fc6c5e1af087e8f3c21a76b3325a873

  • /data/data/com.nfcqharwe.xabkgkkfa/no_backup/androidx.work.workdb

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.nfcqharwe.xabkgkkfa/no_backup/androidx.work.workdb-journal

    Filesize

    512B

    MD5

    cd630df50452fd0b5dc2a24e96291cd0

    SHA1

    ca980314834b1fc52233bdff95831fb54f81b4ca

    SHA256

    91a4627a3e0f5a6a4d3664f05f5a965a6a6bf964740f71b1a0d8f9d3e2600be3

    SHA512

    abdeb3df9577dad73fc26d4030be80e9a7dca1ed6ec6d4c4e9cd0335b8297211be74983333863e4f66b9d2f4a902f01541d0ddddae87937b000062e6132ce452

  • /data/data/com.nfcqharwe.xabkgkkfa/no_backup/androidx.work.workdb-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.nfcqharwe.xabkgkkfa/no_backup/androidx.work.workdb-wal

    Filesize

    16KB

    MD5

    d66d9b101acaa21702bb34fc9e83a706

    SHA1

    a7f11c6e6e44fb94871823e4502a833238ebb181

    SHA256

    ccfcf53d0c9d788027549ea68db18e1389563c23dbdea423bef074d7ab9f6e31

    SHA512

    28991256d2f6c04e33e8503b69020104565b98681e08177de708d71cc94829b14fdc7e4fae6bb1319c647571df07190fe74c6e25e91a8478203bdb69a9c8cb3d

  • /data/data/com.nfcqharwe.xabkgkkfa/no_backup/androidx.work.workdb-wal

    Filesize

    108KB

    MD5

    b2aa63cbf95aaca3913c73b11cb87be8

    SHA1

    c5e9dd8763b2e4a29d5f08ac1b47ad4a44a22d72

    SHA256

    aa062b91a2fdba0298dd07cb91f3808fb4adcec128cf8447e9858189da6f63bd

    SHA512

    4a537f3cad23374eb66092d075805179ac3a4e4400475436d6b4b3ef4719dd244d068e70446dd2e24d8a89af2e297cb9cc9faeed61209e09a66e0c75ed02fe6e

  • /data/data/com.nfcqharwe.xabkgkkfa/no_backup/androidx.work.workdb-wal

    Filesize

    173KB

    MD5

    c205a3ef39ef7ec3c498b323647c0711

    SHA1

    d01940a6a42ddfd16bce8983c9ee6fc33d2bff89

    SHA256

    03c97b1ce1fccb5c8108cef2e7f13d41de88eb9a2e4069c2be889e5a80ca438b

    SHA512

    1c1e201d6c6a823fbc1826d362439b3c7f99f8b32a9d54c2c0298dbf23e077aa13f2ad3c5124a463690367df4ef9d64bb7a342a253585b41a6c342b9750db9e5
